[
https://issues.apache.org/jira/browse/XERCESJ-1783?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17995754#comment-17995754
]
VIVEK BIBHUTI commented on XERCESJ-1783:
----------------------------------------
Even 1.2 file doesn't have the License file in it.
> Not having License.txt in xml-resolver-1.1.jar
> ----------------------------------------------
>
> Key: XERCESJ-1783
> URL: https://issues.apache.org/jira/browse/XERCESJ-1783
> Project: Xerces2-J
> Issue Type: Improvement
> Components: Other
> Reporter: VIVEK BIBHUTI
> Priority: Minor
>
> Hi,
> We are using *xml-resolver-1.1.jar* in our project.
> One of our customer has reported that this jar doesn't contains License.txt
> file and raised as a critical vulnerability by their IQ scan (Sonatype).
> We explained that the MANIFEST.MF has a link to Apache site, where the
> license is already available publicly.
> Two question
> 1. Why the License file is not added to the jar itself?
> 2. Could you please check if the License.txt can be added in the
> xml-resolver-1.1.jar?
> [https://github.com/apache/xerces-j/tree/xml-commons-resolver]
> [https://mvnrepository.com/artifact/xml-resolver/xml-resolver/1.1]
>
> We have raised this query to LEGAL also they suggest us to raise another Jira
> in XERCESJ project. Below is the reference
> https://issues.apache.org/jira/browse/LEGAL-705
>
> Regards
> Vivek
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
